A comprehensive multi-tenant e-commerce SaaS platform built with AWS serverless technologies, designed as a reference solution for AWS workshops. The platform enables vendors (tenants) to self-provision through a landing page with tier-based deployment strategies.
The solution follows a Control Plane and Application Plane architecture with AI-powered features:
- Control Plane: Handles tenant registration, authentication, and provisioning
- Application Plane: Provides e-commerce functionality (products, orders, users)
- AI Description Agent: Generates compelling product descriptions using Amazon Bedrock
- 3 Web Applications: Landing page, admin panel, and tenant SaaS app
Basic Tier ($29/month):
- Shared Lambda functions and DynamoDB tables
- Shared Cognito User Pool for all Basic tenants
- Cost-optimized through resource sharing
Premium Tier ($99/month):
- Shared Lambda functions but dedicated DynamoDB table for orders
- Shared Cognito User Pool for all Premium tenants
- Stronger isolation for order data (a table per tenant rather than rows in a shared table partitioned by tenant_id) while the rest of the stack stays shared for cost efficiency
- AWS CLI configured with credentials that can create the resources the CDK stacks deploy (CloudFormation, IAM, Lambda, DynamoDB, Cognito, API Gateway, EventBridge, S3, CloudFront, and Bedrock for the optional AI agent)
- Node.js (v18 or later)
- npm or yarn
- AWS CDK CLI (`npm install -g aws-cdk`)
1. Clone and set up:

```bash
git clone <repository-url>
cd agentic-insights-saas
npm install
```

2. Deploy to AWS:

```bash
./scripts/lab1.1-deploy-base-architecture.sh
```

3. Deploy the AI Product Description Agent (optional):

```bash
./scripts/lab-01.2-deploy-product-description-ai-agent.sh
```
The deployment script automatically generates and manages the configuration files for all three web applications:
Automatic Configuration:
- Auto-generated config: API URLs and CloudFront URLs are populated automatically
- Change detection: web apps are redeployed only when a URL actually changes
- Region-agnostic: works across AWS regions without edits
- Single source of truth: all frontend configuration lives in `web/shared/config.js`
Deployment Options:

```bash
# Normal deployment - only redeploys web apps if configuration changed
./scripts/lab1.1-deploy-base-architecture.sh
# Force deployment - always redeploys web apps (useful for testing)
./scripts/lab1.1-deploy-base-architecture.sh --force
```

Configuration Structure:

```javascript
// Auto-generated web/shared/config.js
window.APP_CONFIG = {
  CONTROL_PLANE_API_URL: 'https://api-id.execute-api.region.amazonaws.com/prod',
  APP_PLANE_API_URL: 'https://api-id.execute-api.region.amazonaws.com/prod',
  SAAS_APP_URL: 'https://cloudfront-id.cloudfront.net',
  ADMIN_PANEL_URL: 'https://cloudfront-id.cloudfront.net',
  LANDING_PAGE_URL: 'https://cloudfront-id.cloudfront.net',
  REGION: '<region_name>'
};
```

Because `config.js` is uploaded to S3 and served through CloudFront to every visitor, it must contain only public endpoints and the region; API keys, credentials or other secrets do not belong in it.

Benefits:
- Faster deployments: unnecessary web app redeployments are skipped
- No manual updates: configuration stays in sync with the deployed infrastructure
- Multi-region ready: deploy to any region without code changes
- Efficient caching: the CloudFront cache is invalidated only when needed
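The generator-with-change-detection described above, written out as an added example (this is not the project's deployment script, which is a shell script, and the key names, URL patterns and file name are assumptions taken from the sample `config.js`). It renders `config.js` from the stack outputs, refuses any key that is not one of the public endpoints or the region, validates that each value is an https API Gateway or CloudFront URL, and writes the file only when its content differs, returning whether a web app redeploy and cache invalidation are actually needed:

```python
import json
import os
import re
from typing import Dict

# Keys the deployment script is assumed to emit; anything else is rejected,
# because config.js is public and must carry only endpoints and the region.
REQUIRED_KEYS = ("CONTROL_PLANE_API_URL", "APP_PLANE_API_URL", "SAAS_APP_URL",
                 "ADMIN_PANEL_URL", "LANDING_PAGE_URL", "REGION")
API_URL_RE = re.compile(
    r"^https://[a-z0-9]+\.execute-api\.[a-z]{2}-[a-z]+-\d\.amazonaws\.com/[A-Za-z0-9_-]+$")
CDN_URL_RE = re.compile(r"^https://[a-z0-9]+\.cloudfront\.net$")
REGION_RE = re.compile(r"^[a-z]{2}-[a-z]+-\d$")


def render_config(values: Dict[str, str]) -> str:
    """Return the text of web/shared/config.js for the given stack outputs."""
    missing = [k for k in REQUIRED_KEYS if k not in values]
    extra = sorted(set(values) - set(REQUIRED_KEYS))
    if missing or extra:
        raise ValueError(f"missing={missing} unexpected={extra}")
    for key in ("CONTROL_PLANE_API_URL", "APP_PLANE_API_URL"):
        if not API_URL_RE.match(values[key]):
            raise ValueError(f"{key} is not an https API Gateway invoke URL")
    for key in ("SAAS_APP_URL", "ADMIN_PANEL_URL", "LANDING_PAGE_URL"):
        if not CDN_URL_RE.match(values[key]):
            raise ValueError(f"{key} is not an https CloudFront URL")
    if not REGION_RE.match(values["REGION"]):
        raise ValueError("REGION is not an AWS region code")
    # json.dumps quotes and escapes each value (double quotes, which JS accepts),
    # so a stray quote or newline in a stack output cannot break the script.
    body = ",\n".join(f"  {k}: {json.dumps(values[k])}" for k in REQUIRED_KEYS)
    return ("// Auto-generated web/shared/config.js - do not edit by hand\n"
            f"window.APP_CONFIG = {{\n{body}\n}};\n")


def write_if_changed(path: str, content: str) -> bool:
    """Write content to path only if it differs. True means the web apps need a
    redeploy and a CloudFront invalidation; False means both can be skipped."""
    if os.path.exists(path):
        with open(path, "r", encoding="utf-8") as fh:
            if fh.read() == content:
                return False
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    return True


if __name__ == "__main__":
    # Constructed sample outputs; real values come from the CDK stack outputs.
    sample = {
        "CONTROL_PLANE_API_URL": "https://abc123.execute-api.us-east-2.amazonaws.com/prod",
        "APP_PLANE_API_URL": "https://def456.execute-api.us-east-2.amazonaws.com/prod",
        "SAAS_APP_URL": "https://d111.cloudfront.net",
        "ADMIN_PANEL_URL": "https://d222.cloudfront.net",
        "LANDING_PAGE_URL": "https://d333.cloudfront.net",
        "REGION": "us-east-2",
    }
    print("redeploy needed:", write_if_changed("config.js", render_config(sample)))
```

Running it twice in a row prints `True` then `False`, which is the signal the deploy script can use to decide whether to sync the web apps and invalidate CloudFront.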
To deploy the solution to a different AWS region (e.g., us-east-2, eu-west-1):

1. Set the target region:

```bash
export AWS_DEFAULT_REGION=us-east-2
export CDK_DEFAULT_REGION=us-east-2
# Or update the AWS CLI configuration
aws configure set region us-east-2
```

2. Update the Bedrock model configuration (if deploying the AI agent):

```bash
# Edit src/app-plane/agents/product-desc/agent-config.yaml
# Change the model ID format based on region:
# For us-east-1: us.anthropic.claude-3-haiku-20240307-v1:0
# For other regions: anthropic.claude-3-haiku-20240307-v1:0
```

The `us.` prefix is a cross-region inference profile ID for the US geography rather than a us-east-1-specific form; other geographies have their own prefix (for example `eu.`), and the unprefixed ID is the on-demand model ID. The IDs in the comment are those of Claude 3 Haiku; use the ID of whichever model `agent-config.yaml` actually references, and confirm that exact ID is offered in the target region (inference profile IDs are listed by `aws bedrock list-inference-profiles`, on-demand model IDs by the command in the next step).

3. Verify Bedrock model availability:

```bash
# Check whether Claude Haiku 4.5 is available in the target region
aws bedrock list-foundation-models --region us-east-2 \
  --query 'modelSummaries[?contains(modelId, `claude-haiku`)]'
```

4. Deploy to the new region:

```bash
./scripts/lab1.1-deploy-base-architecture.sh
```

- Bedrock Availability: ensure Claude Haiku 4.5 is available in your target region
- Model ID Format: some regions use different model ID formats (with or without a geography prefix)
- Service Availability: all core AWS services (Lambda, DynamoDB, API Gateway, EventBridge, S3, CloudFront) are available in all major regions
- Frontend URLs: the deployment script automatically updates the frontend configuration with the new region-specific API Gateway URLs
After successful deployment:
- Landing Page: For tenant registration
- Admin Panel: For platform management
- SaaS App: For tenant e-commerce operations
URLs will be displayed in the deployment output and are region-specific.
To remove all resources:
```bash
./scripts/delete-all.sh
```

```
agentic-insights-saas/
├── infra/                                   # CDK Infrastructure (TypeScript)
│   ├── main.ts                              # CDK app entry point
│   ├── control-plane-stack.ts               # Control plane resources
│   ├── app-plane-stack.ts                   # Application plane resources
│   └── ai-description-stack.ts              # AI product description agent
├── src/                                     # Lambda Functions (Python)
│   ├── control-plane/                       # Control plane services
│   │   ├── registration/                    # Tenant registration
│   │   ├── login/                           # Authentication
│   │   ├── tenant-management/               # Tenant CRUD
│   │   └── tenant-provisioning/             # Resource provisioning
│   └── app-plane/                           # Application plane services
│       ├── authorizer/                      # JWT validation
│       ├── product/                         # Product management
│       ├── product-desc/                    # AI description generation
│       ├── order/                           # Order processing
│       ├── user/                            # User management
│       └── user-creation/                   # EventBridge user creation
├── web/                                     # Frontend Applications
│   ├── shared/                              # Shared configuration
│   │   ├── config.template.js               # Configuration template
│   │   └── config.js                        # Auto-generated config (deployment)
│   ├── landing-page/                        # Tenant registration
│   ├── admin-panel/                         # Platform management
│   └── saas-app/                            # E-commerce application
├── scripts/                                 # Deployment scripts
│   ├── lab1.1-deploy-base-architecture.sh   # Lab 01.1: Base deployment
│   └── delete-all.sh                        # Complete cleanup
└── specs/                                   # Documentation
    ├── requirements.md                      # Detailed requirements
    ├── design.md                            # Technical design
    └── tasks.md                             # Implementation plan
```
- Complete data isolation using tenant_id filtering
- Tier-based resource allocation (Basic vs Premium)
- EventBridge-driven tenant provisioning and user creation
- Product Management: Create, read, update, delete products
- AI Product Descriptions: Generate compelling descriptions using Amazon Bedrock
- Shopping Cart: Multi-product cart with real-time totals and visual indicators
- Order Processing: Multi-product order creation with success notifications
- User Management: Role-based access control with self-deletion prevention
- Landing Page: Tier selection and self-registration with form validation
- Admin Panel: Tenant management dashboard with statistics and insights
- SaaS App: Full e-commerce functionality with modular JavaScript architecture
- JWT-based authentication with Cognito and token expiration handling
- Lambda authorizer for API protection
- Role-based access control (tenant_admin vs tenant_user)
- Cross-tenant access prevention: data-plane queries are scoped by the tenant_id carried in the validated JWT (never by a tenant_id supplied in the request), combined with input validation at every layer
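The security chain described in the lists above (JWT claims validated by the Lambda authorizer, the authorizer context carrying tenant and role, data-plane handlers filtering by tenant_id, admin-only user management with self-deletion prevention), as an added worked example rather than the project's own code. The Cognito custom claim names (`custom:tenant_id`, `custom:tier`, `custom:role`), the rule that a Basic-tier token may not call `/premium/*` routes, and the in-memory stand-in for DynamoDB are all assumptions made for the example; signature, issuer, audience and expiry verification of the JWT is assumed to happen before `authorize` is called:

```python
import json
from typing import Any, Dict, Optional

ROLES = {"tenant_admin", "tenant_user"}
TIERS = {"basic", "premium"}


def _policy(principal: str, effect: str, method_arn: str,
            ctx: Dict[str, str]) -> Dict[str, Any]:
    # Object a Lambda authorizer returns to API Gateway; "context" is copied
    # into event["requestContext"]["authorizer"] of the backing Lambda.
    return {
        "principalId": principal,
        "policyDocument": {"Version": "2012-10-17", "Statement": [
            {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}]},
        "context": ctx,
    }


def authorize(claims: Dict[str, str], method_arn: str) -> Dict[str, Any]:
    """Allow/Deny from JWT claims whose signature, issuer, audience and expiry
    are assumed to have been verified against the Cognito JWKS already. Checks
    the (assumed) custom claims and refuses a Basic token on /premium/* and
    vice versa."""
    tenant_id = claims.get("custom:tenant_id", "")
    tier, role = claims.get("custom:tier", ""), claims.get("custom:role", "")
    principal = claims.get("sub", "anonymous")
    if not tenant_id or tier not in TIERS or role not in ROLES:
        return _policy(principal, "Deny", method_arn, {})
    # Method ARN layout: arn:aws:execute-api:region:acct:api-id/stage/VERB/path
    parts = method_arn.split("/", 3)
    route_tier = parts[3].split("/", 1)[0] if len(parts) == 4 else ""
    if route_tier in TIERS and route_tier != tier:
        return _policy(principal, "Deny", method_arn, {})
    return _policy(principal, "Allow", method_arn, {
        "tenant_id": tenant_id, "tier": tier, "role": role, "user_id": principal})


class InMemoryTable:
    """Stand-in for a DynamoDB table keyed by (tenant_id, item_id). Every read
    is the equivalent of KeyConditionExpression "tenant_id = :caller", so rows
    of other tenants are unreachable by construction."""

    def __init__(self) -> None:
        self.items: Dict[tuple, Dict[str, Any]] = {}

    def put(self, item: Dict[str, Any]) -> None:
        self.items[(item["tenant_id"], item["item_id"])] = item

    def get(self, tenant_id: str, item_id: str) -> Optional[Dict[str, Any]]:
        return self.items.get((tenant_id, item_id))


def _resp(status: int, body: Any) -> Dict[str, Any]:
    return {"statusCode": status, "body": json.dumps(body)}


def create_product(event: Dict[str, Any], table: InMemoryTable) -> Dict[str, Any]:
    body = json.loads(event.get("body") or "{}")
    name, product_id = body.get("name"), body.get("product_id")
    if not isinstance(name, str) or not 1 <= len(name.strip()) <= 200:
        return _resp(400, {"error": "name must be 1-200 characters"})
    if not isinstance(product_id, str) or not product_id.isalnum():
        return _resp(400, {"error": "product_id must be alphanumeric"})
    # tenant_id comes from the authorizer context, never from the body: a
    # body-supplied tenant_id is ignored, so it cannot be used to cross tenants.
    item = {"tenant_id": event["requestContext"]["authorizer"]["tenant_id"],
            "item_id": product_id, "name": name.strip()}
    table.put(item)
    return _resp(201, item)


def get_product(event: Dict[str, Any], table: InMemoryTable) -> Dict[str, Any]:
    tenant_id = event["requestContext"]["authorizer"]["tenant_id"]
    item = table.get(tenant_id, event["pathParameters"]["id"])
    # Another tenant's product looks exactly like a missing one (404 both
    # ways), so the response leaks nothing about other tenants' data.
    return _resp(200, item) if item else _resp(404, {"error": "not found"})


def delete_user(event: Dict[str, Any], users: InMemoryTable) -> Dict[str, Any]:
    ctx = event["requestContext"]["authorizer"]
    target = event["pathParameters"]["id"]
    if ctx["role"] != "tenant_admin":
        return _resp(403, {"error": "tenant_admin role required"})
    if target == ctx["user_id"]:
        return _resp(400, {"error": "you cannot delete your own account"})
    if users.get(ctx["tenant_id"], target) is None:
        return _resp(404, {"error": "not found"})
    del users.items[(ctx["tenant_id"], target)]
    return _resp(200, {"deleted": target})


def make_event(ctx: Dict[str, str], path_id: str = "", body: Any = None) -> Dict[str, Any]:
    """Constructed API Gateway proxy event, as the backing Lambda receives it."""
    return {"requestContext": {"authorizer": ctx}, "pathParameters": {"id": path_id},
            "body": json.dumps(body) if body is not None else None}
```

The property worth checking in the multi-tenant tests mentioned later on this page is visible here: a product created by tenant A with a spoofed `tenant_id` of B in the body still lands under A, and a read of it by B returns the same 404 a non-existent product would.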
- Responsive Design: Mobile-optimized layouts with modern CSS animations
- Real-time Updates: Live cart totals and loading states for all operations
- Error Handling: Comprehensive validation with user-friendly error messages
- Success Feedback: Visual confirmations and auto-dismiss notifications
- Automated Deployment: One-command deployment with configuration updates
- Smart Configuration Management: Auto-generated config files with change detection
- Efficient Deployments: Only redeploys web apps when URLs actually change
- Smart Cleanup: Comprehensive resource removal with S3 bucket emptying
- Admin Tools: Dashboard statistics and tenant management interface
- Monitoring Ready: Structured logging and error tracking
- AWS CDK: Infrastructure as Code (TypeScript)
- AWS Lambda: Serverless compute (Python 3.11)
- Amazon DynamoDB: NoSQL database
- Amazon Cognito: User authentication
- Amazon EventBridge: Event-driven architecture
- Amazon API Gateway: REST APIs
- Amazon S3 + CloudFront: Web hosting
- Amazon Bedrock: AI-powered content generation (Claude Haiku 4.5 & Claude Sonnet 4.5)
- Vanilla JavaScript: No frameworks, modern ES6+
- HTML5 + CSS3: Responsive design
- Modular Architecture: Organized JavaScript modules
Control plane:
- `POST /register` - Tenant self-registration
- `POST /login` - User authentication
- `GET /tenants` - List tenants (admin only)
- `POST /tenants` - Create tenant (admin only)
- `DELETE /tenants/{id}` - Delete tenant (admin only)

Application plane, Basic tier:
- `GET /basic/products` - List products
- `POST /basic/products` - Create product
- `GET /basic/products/{id}` - Get product details
- `PUT /basic/products/{id}` - Update product
- `DELETE /basic/products/{id}` - Delete product
- `GET /basic/orders` - List orders
- `POST /basic/orders` - Create order

Application plane, Premium tier:
- `GET /premium/products` - List products
- `POST /premium/products` - Create product
- `GET /premium/products/{id}` - Get product details
- `PUT /premium/products/{id}` - Update product
- `DELETE /premium/products/{id}` - Delete product
- `GET /premium/orders` - List orders
- `POST /premium/orders` - Create order

User management:
- `GET /user` - List tenant users
- `POST /user` - Create tenant user
- `PUT /user/{id}` - Update tenant user
- `DELETE /user/{id}` - Delete tenant user

AI agent:
- `POST /ai/generate-description` - Generate AI product descriptions
The platform uses EventBridge for decoupled communication:
- Tenant Registration: Triggers provisioning events
- User Creation: EventBridge-driven user creation in appropriate Cognito pools
- Premium Provisioning: Dynamic DynamoDB table creation for Premium tenants
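The provisioning step of the event flow above, as an added example rather than the project's `tenant-provisioning` code. The event source name, detail-type names, tenant_id format and table naming are assumptions; the DynamoDB and EventBridge calls are injected so the logic runs offline (in a real Lambda they would wrap `dynamodb.create_table` and `events.put_events`). The points it shows are the ones that matter when an event, not an authenticated user, drives resource creation: check that the event is the one you subscribed to, validate tenant_id strictly before it becomes part of a table name, branch on tier, and stay idempotent when EventBridge redelivers:

```python
import json
import re
from typing import Any, Callable, Dict, List

EVENT_SOURCE = "saas.control-plane"                       # assumed producer name
TENANT_ID_RE = re.compile(r"^[a-z0-9][a-z0-9-]{7,35}$")   # assumed id shape
SHARED_ORDERS_TABLE = "orders-basic-shared"               # assumed shared table name


class TableAlreadyExists(Exception):
    """Stand-in for botocore's ResourceInUseException."""


class FakeAws:
    """Records calls; create_table raises on a duplicate the way DynamoDB does."""

    def __init__(self) -> None:
        self.tables: List[str] = []
        self.events: List[Dict[str, str]] = []

    def create_table(self, name: str) -> None:
        if name in self.tables:
            raise TableAlreadyExists(name)
        self.tables.append(name)

    def put_events(self, entries: List[Dict[str, str]]) -> None:
        self.events.extend(entries)


def provision_tenant(event: Dict[str, Any],
                     create_table: Callable[[str], None],
                     put_events: Callable[[List[Dict[str, str]]], None]) -> Dict[str, Any]:
    """Handle a TenantRegistered event and return the provisioning record."""
    # 1. Accept only the event we subscribed for. The bus rule should already
    #    filter on source/detail-type; re-checking keeps a mis-wired rule or a
    #    forged PutEvents call from driving provisioning.
    if (event.get("source") != EVENT_SOURCE
            or event.get("detail-type") != "TenantRegistered"):
        raise ValueError("unexpected event source/detail-type")
    detail = event.get("detail") or {}
    tenant_id = str(detail.get("tenant_id", ""))
    tier = str(detail.get("tier", ""))
    # 2. tenant_id ends up inside a DynamoDB table name, so it is validated
    #    against a strict pattern before it is used anywhere.
    if not TENANT_ID_RE.match(tenant_id):
        raise ValueError("tenant_id has an unexpected format")
    if tier not in ("basic", "premium"):
        raise ValueError(f"unknown tier {tier!r}")
    # 3. Tier decides the resource plan: Premium gets a dedicated orders table,
    #    Basic tenants share one table partitioned by tenant_id.
    created = False
    if tier == "premium":
        orders_table = f"orders-{tenant_id}"
        try:
            create_table(orders_table)
            created = True
        except TableAlreadyExists:
            created = False  # redelivered event: idempotent, nothing to redo
    else:
        orders_table = SHARED_ORDERS_TABLE
    record = {"tenant_id": tenant_id, "tier": tier,
              "orders_table": orders_table, "table_created": created}
    # 4. Hand off to the user-creation service through the bus instead of
    #    calling Cognito here, keeping provisioning and user creation decoupled.
    put_events([{"Source": EVENT_SOURCE, "DetailType": "TenantProvisioned",
                 "Detail": json.dumps({**record,
                                       "admin_email": str(detail.get("admin_email", ""))})}])
    return record


if __name__ == "__main__":
    aws = FakeAws()
    # Constructed event in the shape EventBridge delivers to a Lambda target.
    registered = {"source": EVENT_SOURCE, "detail-type": "TenantRegistered",
                  "detail": {"tenant_id": "acme-store-01", "tier": "premium",
                             "admin_email": "admin@example.com"}}
    print(provision_tenant(registered, aws.create_table, aws.put_events))
    print(aws.events)
```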
Beyond the core specifications, this implementation includes several enhancements for production readiness:
- Modular JavaScript Architecture: Organized into separate files (auth.js, products.js, cart.js, orders.js, users.js) for maintainability
- Enhanced Admin Dashboard: Statistics, tenant insights, and visual status indicators
- Real-time Cart Updates: Live totals, visual indicators, and smooth animations
- Comprehensive Loading States: Progress indicators for all async operations
- Success Notifications: Auto-dismissing confirmations with detailed feedback
- Intelligent Content Generation: One-click AI product description generation using Amazon Bedrock
- Cost-Effective AI: Claude Haiku 4.5 model optimized for speed and cost efficiency
- Usage Tracking: Real-time token consumption and cost monitoring per tenant
- Seamless Integration: Generate button embedded in product creation/editing forms
- Professional Quality: Expert e-commerce copywriter persona for compelling descriptions
- Structured Logging: Comprehensive usage analytics in CloudWatch for billing and monitoring
- Token Expiration Handling: Automatic logout on expired sessions
- Self-Deletion Prevention: Users cannot delete their own accounts
- Input Sanitization: Comprehensive validation at all layers
- Automatic Session Management: Seamless token refresh and error handling
- Smart Deployment Scripts: Automatic configuration updates and admin user creation
- Centralized Configuration: Auto-generated config files with change detection and region portability
- Efficient Deployments: Only redeploys web apps when URLs actually change, with force flag support
- Intelligent Cleanup: S3 bucket emptying and premium table cleanup
- Colored Console Output: Enhanced deployment feedback with progress indicators
- Responsive Design: Mobile-optimized layouts with modern CSS animations
- Comprehensive Error Messages: User-friendly validation with specific guidance
- Retry Mechanisms: Robust deployment with automatic retries
- Structured Logging: CloudWatch integration with tenant context
- Professional UI/UX: Modern gradients, hover effects, and smooth transitions
All enhancements maintain full compatibility with the original specifications while providing a production-ready experience.
- Deploy the complete solution with one command
- Explore multi-tenant SaaS patterns
- Understand tier-based resource allocation
- Learn EventBridge-driven architecture
- Clean up everything with one command
- Reference implementation for multi-tenant SaaS
- Modern serverless architecture patterns
- Cost optimization strategies
- Security best practices
- Event-driven microservices
- JWT Authentication: Secure token-based authentication
- Tenant Isolation: every data access is scoped to the caller's tenant_id; in the Basic tier that isolation is logical (shared tables and a shared user pool, partitioned by tenant_id), while Premium tenants additionally get a dedicated orders table
- Role-Based Access: Admin vs user permissions
- API Authorization: Lambda authorizer protection
- Input Validation: Comprehensive validation at all layers
- CloudWatch Logs: All Lambda functions log structured data
- X-Ray Tracing: End-to-end request tracing
- EventBridge Monitoring: Event processing metrics
- API Gateway Metrics: Request/response monitoring
The solution includes comprehensive testing strategies:
- Unit Testing: Python Lambda functions with pytest
- Integration Testing: API Gateway endpoints
- End-to-End Testing: Complete user workflows
- Multi-Tenant Testing: Data isolation verification
This is a reference implementation for AWS workshops. For improvements:
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and questions:
- Check the documentation in the `specs/` folder
- Review the CloudFormation outputs after deployment
- Check CloudWatch logs for debugging
- Ensure AWS permissions are correctly configured
Built as a reference solution for AWS workshops, demonstrating:
- Modern serverless architecture patterns
- Multi-tenant SaaS best practices
- Cost optimization strategies
- Event-driven design principles
- Security and compliance considerations
Happy Building!